GB-IDS: An Intrusion Detection System for CAN Bus Based on Graph Analysis

In smart connected vehicles, the controller area network (CAN) bus provides a platform for communication and interaction among various heterogeneous electronic control units (ECUs), enabling intelligent travel services for users. However, existing researches show that the CAN bus is vulnerable to various injection attacks (e.g., denial of service (DoS) attack, fuzzing attack, impersonation attack), which not only threaten the operation of vehicles but also jeopardize user safety. Traditional intrusion detection systems (IDSs) are limited in their practicality, as they either require parsing the CAN communication protocol of the vehicle or rely on massive amounts of training data. In this paper, we propose GB-IDS, a graph-based CAN bus detection system. GB-IDS leverages a novel graph structure that characterizes the CAN ID time series, which overcomes the protocol parsing defect and achieves more accurate characterization than previous works. Meanwhile, the variational autoencoder (VAE) is exploited to train classifiers without negative samples. Our experimental results on the public dataset, called OTIDS, demonstrate that GB-IDS can achieve high detection success rates, especially in the absence of negative samples.